Social Buttons

Saturday, June 27, 2015

Carbanak hacking group steal $1 billion from banks worldwide

No comments :

Carbanak malware offered criminals the chance to steal up to $10 million per heist.

CANCUN, MEXICO: Kaspersky researchers have discovered the theft of $1 billion from banks over the past two years.

Researchers from the security firm, working together with the International Criminal Police Organization (Interpol), Europol and law enforcement agencies including the NHTCU have uncovered a two-year criminal operation which relieved banks of $1 billion worldwide.
Since 2013, the cybergang have attempted to attack banks, e-payment systems and financial institutions using the Carbanak malware. The criminal operation has struck banks in approximately 30 countries.
What makes this crime unusual is the fact individual end users were not targeted; rather, banks themselves were the victims.
Sergey Golovanov, Principal Security Researcher at Kaspersky Lab's Global Research and Analysis Team told attendees at the Kaspersky Lab Security Analyst Summit that tracking the operation began when he was shown a video of a criminal taking money from an ATM without touching the machine.
A bank then requested help from the security company to tackle the problem -- as every ATM in a specific area had been taken from. Originally, Golovanov and colleagues searched for malware in the ATM network itself but came up short -- finding instead "terrible" misconfiguration in network configuration. This led to the discovery of Carberp and Anunak malware code -- open-source malicious code used in Carbanak.
around organization accountability with PII is cause to protect ourselves from identity theft and more, including danger signs, security freeze, fraud alert, and account recovery.e
The presence of this malicious code provided the trail which the team followed to find Carbanak malware in a Moscow-based bank's internal networks. The security researchers found that infection -- which began through three spear phishing emails -- in the bank's networks had remained undetected for two months. In total, 22 Chinese exploits were found.
This one case provided the chance to connect up the dots to other ATM thefts, fraudulent bank transfers and missing deposits in banks across the world. The discovery of Carbanak "united all of the theft cases around the world through one advanced persistent threat (APT)," according to Golovanov.
Once infected with Carbanak, the malware spread across internal corporate networks and tracked down administrator computers before using covert video surveillance programs to capture and record the screens of staff dealing with cash transfer systems.
With this data, the criminal gang were able to mimic staff members and transfer cash fraudulently. Online banking and international payment systems were used to deposit stolen funds in Chinese and US accounts. It is possible that transfers were also made to bank accounts in other countries.
However, criminal activity did not end here. In other cases, the cyberattackers "penetrated right into the very heart of the accounting systems," Kaspersky says. The criminals were able to inflate account balances before fraudulently transferring the money -- a covert way of stealing funds without alarming a bank account owner, as only the inflated balance would be transferred away, leaving the original funds in place.
Another way the cybercriminals were able to steal bank funds was through compromised ATMs. Through Carbanak, bank ATMs were "ordered" to dispense cash at pre-determined times, where a criminal associate would be waiting to collect the payment -- the case in question which brought Carbanak to the notice of the security firm.
It is estimated that by hacking into banks, the cybercriminals were able to make off with approximately $1 billion over 24 months. The largest amounts were stolen by breaking into banks directly and stealing up to $10 million in each raid, according to the security experts. On average, each robbery took between two and four months to complete from infection to theft.
The researchers say it is likely the criminal actors originate from Russia, Ukraine, Europe and China. Countries including the US, UK, Australia, Canada and Hong Kong have been targeted -- and the operation remains active.

"These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent. The attackers didn't even need to hack into the banks' services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery.

Wednesday, May 6, 2015

Samsung Gallaxy S6 Memory bugs aren't the only issues

No comments :

Samsung Galaxy S6/S6 Edge bugs pile up

Memory bugs aren't the only issues plaguing Samsung's flagship smartphones. There are plenty of other fixes that need to make their way to the handset. However, until they are fixed, the handset is a bad bet for BYOD.

Image: Josh P. Miller
Memory bugs aren't the only issues plaguing Samsung's flagship smartphones. There are plenty of other fixes that need to make their way to the handset.Along with the memory bug, which causes background apps to be refreshed when they are switched back to because of the aggressive way the handset is managing RAM, there are other issues that affect connectivity and battery life.
The connectivity bugs are similar to the issues that plagued iOS 8 users, where Wi-Fi connectivity is slow and unstable. There are a number of reported workarounds, but just as with bugs that affected iOS, their success is limited and there are plenty of people for whom they don't work.
Then there are the battery issues. While some were predicting battery issues before the S6 and S6 Edge were launched - the battery is smaller than found in the S5, and on top of that it is not user-replaceable - things are worse than imagined. Some users have reported that the handset can't make it through a day without needing a recharge.
Again, there are spells and incantations that you can throw at your new handset, but again the success of these is hit and miss.
Bottom line, these issues - along with a raft of more minor bugs that affect the handsets - will need to wait for official fixes to be sent to the devices. These will come either in the form of official Android updates or patches coming direct from Samsung.
In the meantime, I recommend holding off on the S6 and S6 Edge, especially for BYOD. It's bleeding-edge tech and teething troubles are to be expected. It doesn't make sense to use a buggy device that could cost you or your business time and money.
Adrian Kingsley-Hughes

Thursday, April 30, 2015

Self-learning systems to replace humans in manufacturing


Self-learning systems to replace humans in manufacturing

Summary:New self-learning systems are bringing increased speed and efficiency to manufacturing processes. They may also reduce reliance on humans during ramp-up.

Robots are cracking eggs and making ice cream sundaes. These aren't just party tricks. The way robots learn to do complex tasks is changing, and that has profound implications for the future of manufacturing.
The egg-cracking robot comes courtesy of researchers at the University of Maryland and NICTA, an information and computer technology research center in Australia. Their robotic system learns processes by watching YouTube videos. "Our ultimate goal is to build a self-learning robot that is able to enrich its knowledge about fine grained manipulation actions by watching demo videos," writes the project's lead researchers. The robot utilizes object and grasping type recognition, along with a deep-learning framework that allows it to compile an ever-growing bank of skills and functions. It can recognize what a person is holding in a video, learns how they're holding it, and converts their actions into repeatable steps.

It's not difficult to see how systems like this might be utilized to improve automated manufacturing or bring new automation systems to areas of production that haven't seen much automation yet. An investment in a single robotic system capable of learning a variety of tasks without specialized programming would be attractive to small manufacturers that do short production runs, for example. A bot that can learn from watching other people could also fine tune its own actions through trial and error, essentially learning from its mistakes. That's what researchers at Lappeenranta University of Technology (LUT) in Finland had in mind when they developed a self-adjusting welding system. The welder uses sensors controlled by a neural network program to detect mistakes in the welding process and calculate other errors that are likely to arise. It fixes its own mistakes while learning how to avoid future slip-ups. In effect, the system gets better and more efficient on its own, without needing intervention and optimization from a technician.
LUT's self-learning welder
The LUT system was specifically developed for welding high strength steel, a material used in extreme conditions and one that's difficult to work with. "In the Arctic, welds must be of higher quality than in warmer regions," says Project Manager Markku Pirinen. "In the North, errors would have catastrophic consequences. For example, the welds must be able to withstand temperatures of up to -60 °C, and they must be flawless." Pirinen points out that the smart welding system will bring significant savings by eliminating the need for post-welding checks and repairs.
The potential for fully automated, self-learning, and self-aware manufacturing systems led a consortium of businesses and institutions led by the University of Nottingham to undertake the Fast Ramp-Up and Adaptive Manufacturing Environment (FRAME) project a few years back. "The aim of the FRAME project is a paradigm shift from the conventional human-­driven ramp-­up and system integration process to fully automated, self-­learning and self­aware production systems," according to a report issued at the conclusion of the investigation. Ramp-up is necessary anytime a manufacturing device is moved, deployed, or constructed, and it typically entails an intensive and person-centered process of fine-tuning and optimization. Oftentimes technicians rely on trial-and-error to move devices toward their maximum sustainable output, and this ends up costing manufacturers significant downtime. It also adds as much as 65% to the underlying cost of a manufacturing system.

FRAME targeted the medical device, automotive, and aerospace industries, which present unique manufacturing challenges and constraints. The aim of the project was to develop a system that would reduce time-to-market and time-to-volume for newly configured machines by 30 percent. Researchers sought to do this by creating a system that first learned from humans. By correlating operator actions to changes in productivity, the FRAME system could begin to solve problems without the need for further human intervention. Like LUT's welding machine, the system could also identify errors and take significant action on its own to correct them.
In trials, the FRAME project demonstrated a 30 percent decrease in failure rates, a 64 percent increase in ideal outputs, and a 12 percent improvement in cycle time. The research is now being adapted for use beyond the FRAME target industries. It's a safe bet that high skilled jobs related to systems optimization will soon be imperiled by the technology, and with increased efficiency and adaptability, self-learning systems are sure to increase the prevalence of automation within and beyond heavy manufacturing.

credit:-Greg Nichols 

Tuesday, April 28, 2015

Thousands of iOS apps left open to snooping thanks to SSL bug

No comments :

 Thousands of iOS apps left open to snooping thanks to SSL bug

Researchers have uncovered around 25,000 iOS apps that use old versions of a popular networking library, leaving them open to attackers on the same network viewing encrypted traffic.

The bug affects Secure Sockets Layer (SSL) code in AFNetworking, a networking library developers can use to build components of iOS apps. The framework has been updated three times in the past six weeks, addressing numerous SSL flaws that leave apps vulnerable to man-in-the-middle attacks.

The latest version of AFNetworking, 2.5.3, fixes a weakness in the library's domain name validation process. SourceDNA, the security firm that discovered the recurrent flaw, said on Friday that at least 25,000 apps are still running an outdated version.

"If you are using AFNetworking (any version), you must upgrade to 2.5.3," SourceDNA said. "Also, you should enable public key or certificate-based pinning as an extra defense. Neither of these game-over SSL bugs affected apps using pinning."

Explaining the bug, SourceDNA added: "Domain name validation could be enabled by the validatesDomainName flag, but it was off by default. It was only enabled when certificate pinning was turned on, something too few developers are using."

The net result for end users is that an attacker on the same wi-fi network could fairly easily view data in transit, which should otherwise have been encrypted. "Because the domain name wasn't checked, all they needed was a valid SSL certificate for any web server, something you can buy for $50," Source DNA said.

Somewhat oddly, the bug appears to have crept back into the 2.5.2 release despite the same issue being addressed in a prior version.

As per AFNetworking's update on GitHub last week, the library's default security policy now validates the domain name and doesn't validate against pinned certificates or public keys.
The bug in the 2.5.2 release was discovered by a security engineer at Yelp, one of many companies that use the library. Security researchers looking at previous SSL bugs in the library have noted that other popular apps such as Pinterest, Heroku, and Simple used it for OS X and iOS apps.

Monday, April 27, 2015

Turn your iPhone or Android smartphone into a satellite phone

1 comment :

Turn your iPhone or Android smartphone into a satellite phone

The modern smartphone is a wonder of modern technology, and in combination with the carrier network can allow you to make calls from the densest urban jungle to Mount Everest. But despite the amazing global coverage of the carrier networks, sometimes it just isn't enough.

This is when you need to rely on satellite coverage. And believe it or not, you can add satellite capability to your existing iPhone or Android smartphone. Yes, that's right, you no longer need a dedicated satellite phone. What you need is a Thuraya SatSleeve.

In addition to offering support for calls and SMS messaging, the latest SatSleeves also have satellite data functionality for emails, instant messaging, browsing and so on.

Just slide on the sleeve, and BINGO! You have a satellite phone. Yes, calls and data are going to cost you an arm and a leg (don't be surprised if it adds up to several dollars a minute depending on where you want to use your handset).

The SatSleeve comes in two flavors:

  • SatSleeve for iPhone: Adaptor for iPhone 5/5s is inside the package (adaptors for iPhone 4/4s and iPhone 6 are available separately from Thuraya Service Partners)
  • SatSleeve for Android: Adaptor for Samsung Galaxy S4 is inside the package (adaptors for Samsung Galaxy S3 and S5 are available separately from Thuraya Service Partners)
The SatSleeve isn't cheap -- around $499 -- but if you need coverage where there isn't a ground-based carrier service, this could very well be what you need.

See the Video
 Follows us for More Information

Saturday, April 25, 2015

Apple security features can be easily bypassed, says researcher

No comments :

Apple security features can be easily bypassed, says researcher

Security tools baked into Macs designed to protect users from malicious content can be easily bypassed, according to one security researcher.

In a talk at the RSA Conference in San Francisco on Thursday, Synack director of research Patrick Wardle described how two OS X security tools can be bypassed to run malware.
"It's trivial for any attacker to bypass the security tools on Macs," said Wardle, according to ThreatPost. "If Macs were totally secure, I wouldn't be here talking."
Those two security features, Gatekeeper and XProtect, were added in the more recent versions of OS X in response to a rising threat of malware aimed at the alternative operating system.
Gatekeeper, added in OS X 10.8 "Mountain Lion," restricts which apps can be opened and run on a computer. Most have it set to apps verified through the Apple App Store, or from verified developers. XProtect, a rudimentary malware scanner for the Mac introduced even earlier in OS X 10.6 "Snow Leopard," can block certain apps and plugins from running if there are known vulnerabilities.
"Gatekeeper doesn't verify extra content in the apps," said Wardle. When the app is opened, either Gatekeeper knows where it's from and allows it, or it doesn't and it shuts the app down. But it doesn't continually check the app, which Wardle said can be a problem. "So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper," he said.

(Image: Patrick Wardle/Synack)
He also said XProtect was "trivial" to bypass.
By recompiling a known malware sample to change its hash, Wardle could sneak the malware past XProtect and run it on the target computer. Although he called XProtect's sandboxing feature "strong," it can be bypassed with a number of known vulnerabilities at the kernel level, which he said undermine its security.
We reached out to Apple for comment, but did not immediately hear back.

Thursday, April 23, 2015

write your search terms with your finger instead of typing the words on the keyboard

No comments :

 Write your search terms with your finger instead of typing the words on the keyboard

You can write your search terms with your finger instead of typing the words on the keyboard. As you write, your handwritten text converts into words in the search box.


Turn Handwrite on or off

  1. Visit the Search settings page from your phone or tablet. 
  2. Go to the Handwrite section.
  3. Select Enable to turn on and Disable to turn off.
  4. At the bottom of the page, touch Save.
Note: You might need to refresh your browser to see the changes you've made.

How to search using Handwrite

  1. Once Handwrite is turned on, visit google.com on your mobile device.
  2. In the lower right corner of the screen, touch the Handwrite icon .
  3. Use your finger to start writing your search terms anywhere on the screen. As you write, your handwritten text converts into typeface in the search box.
  4. Touch the search icon to start your search .

Tips and tricks

  • Delete letters: Touch the backspace icon at the bottom of the page .
  • Start over: Touch X in the search box at the top of the page.
  • Clarify characters: When you type a character that could be mistaken for another, like 0 (the number) and O (the letter), a list of options might appear at the bottom of the screen.
  • Use predictions: To help save you time, a list of predicted search terms might appear in the search box as you write. Touch a prediction to search for that term, or touch the arrow to the right of a query to explore related searches .
  • Include symbols: Try symbols and special characters like +, @, &, and $.


You can use Handwrite on these devices:
  • Android 2.3+ phones
  • Android 4.0+ tablets
  • iOS 5+ phones & tablets